Tuesday, May 19, 2020

securityonion-capme - 20121213-0ubuntu0securityonion79 resolves a Reflected XSS vulnerability

Kevin Breen responsibly disclosed a Reflected XSS vulnerability in CapMe. We've improved input validation to address this vulnerability and the following package is now available:

securityonion-capme - 20121213-0ubuntu0securityonion79

These updates should resolve the following issues:

securityonion-capme: improve input validation in functions.php #1767
https://github.com/Security-Onion-Solutions/security-onion/issues/1767

Timeline
2020-05-19 10:13 AM Eastern
Received email from Kevin Breen detailing the Reflected XSS vulnerability.

2020-05-19 10:15 AM Eastern
Acknowledged email.

2020-05-19 10:48 AM Eastern
Sent patch to Kevin for verification.

2020-05-19 12:21 PM Eastern
Received verification from Kevin and began the publishing process.

Thanks
Thanks to Kevin Breen for responsibly disclosing this vulnerability!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Support
Need support?  Please see:
https://securityonion.net/docs/Support

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.